Consider using the App_data folder as your Sitecore data folder

Sitecore recommends moving the data folder outside of the webroot because of security issues. This is normally a good idea, as the datafolder contains information, which shouldn’t be accessible for end users. However you might as well use .NET’s security applied to the App_data folder.

I have seen quite a few Sitecore installations, where the data folder has been moved outside the webroot. This is recommended practice from Sitecore, but when you move the datafolder outside of the webroot, you need to enter an absolute path in the web.config. This can be quite annoying, as the absolute path might vary from environment to environment. For instance you might have to change the setting every time you deploy to your test and production environment or even worse it might vary from developer machine to developer machine.

Another solution is to use the App_data folder. The App_data folder was introduced by Microsoft to hold filebased databases and similar data files in a secure way. Files placed in this folder cannot be requested by end users directly, so you will not have any issues with that. Files will not be served because of a special httpHandler that denies the request. Microsoft writes:

“Storing an XML data file in the Web application directory is a potential security threat. By default, IIS will serve XML data files to the Web. To improve security when using a local data file in an ASP.NET application, you should store the data file in the App_Data directory. Files stored in the App_Data directory will not be served to the Web.”

To use the App_data folder just create a folder called “App_Data” in your webroot and move the contents of the normal Sitecore data folder to the new folder. Now all you need to do, is to change the dataFolder location in the web.config, which can be done here:

<sc.variable name="dataFolder" value="/App_Data" />

So consider using the App_Data folder if you don’t want to enter an absolute path in your web.config.

Please rate this article

1 rates / 5 avg.

About the author:

Jens Mikkelsen

Jens Mikkelsen is a partner at Inmento Solutions a Sitecore consulting firm. He works as a Sitecore specialist and consulting helping clients architect and build quality Sitecore solutions using the newest modules and tools.

Further he has been deeply envolved in various complex solutions and has built up a strong knowledge of Sitecore architecture and best practices. He has especially focused on and is specialized in debugging and analyzing Sitecore solutions.

Jens is very interested in the technical mechanisms in the new marketing products such as Sitecore DMS and Sitecore ECM.

4 responses to "Consider using the App_data folder as your Sitecore data folder"

Hej Jens,Good article! I recently tried /App_Data/Data as the sitecore data directory, but this caused timeouts when accessing the sitecore shell (Desktop). Haven't tried /App_Data, but that would be a good option as well.

BTW. Where is your company based? I currently live in Herning (Midtjylland).